News

The Italian Data Protection Authority, Il Garante per la protezione dei dati personali (GPDP), has imposed a €15 million fine on OpenAI.

📝 The Facts:

🔹 Unlawful collection and processing of personal data:

OpenAI collected and processed user data from the earlier version of ChatGPT:

• Without providing prior information.

• Without a valid legal basis.

These actions constitute a violation of the principle of transparency and the information obligations owed to users under the GDPR.

🔹 Lack of age verification mechanisms:

OpenAI failed to implement systems to verify users’ age, thereby exposing:

➡️ 13-year-old children to content and responses inappropriate for their level of development and awareness.

⚖️ Consequences:

• Administrative fine: €15 million

Mandatory public awareness campaign in the media

🔧 Lessons and Recommendations:

✅ Improve transparency: Clearly inform users about the collection and use of their personal data.
✅ Establish a valid legal basis: Ensure each data processing activity relies on a proper legal foundation (consent, contract, etc.).
✅ Protect minors: Implement strong age verification mechanisms to prevent children from accessing inappropriate content.
✅ Maintain ongoing compliance: Conduct regular audits to ensure systems align with current regulations.